US20210091946A1 - Encrypted communication device, encrypted communication system, encrypted communication method, and program - Google Patents

Publication number
US20210091946A1
Authority
US
United States
Prior art keywords
key
encrypted communication
communication device
encrypted
common
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US16/635,373
Other versions
US11388001B2 (en
Inventor
Reo YOSHIDA
Tetsutaro Kobayashi
Yuto KAWAHARA
Tomohide Yamamoto
Hironobu Okuyama
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nippon Telegraph and Telephone Corp
Original Assignee
Nippon Telegraph and Telephone Corp
Application filed by Nippon Telegraph and Telephone Corp
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION reassignment NIPPON TELEGRAPH AND TELEPHONE CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KOBAYASHI, TETSUTARO, YAMAMOTO, TOMOHIDE, YOSHIDA, Reo, OKUYAMA, Hironobu, KAWAHARA, Yuto

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • An encrypted communication system of a first embodiment includes a plurality of encrypted communication devices 1.
  • FIG. 3 shows an example in which two encrypted communication devices 1₁ and 1₂ are present; the number of encrypted communication devices 1 is not limited as long as two or more encrypted communication devices 1 are present.
  • The encrypted communication device 1₁ encrypts data and transmits the encrypted data and the encrypted communication device 1₂ decrypts the received encrypted data.
  • The encrypted communication device 1₁ and the encrypted communication device 1₂ are connected to a communication network 2.
  • The communication network 2 is a circuit switching or packet-switching communication network that allows devices connected thereto to communicate with each other on a one-to-one basis, and, for example, the Internet, a local area network (LAN), a wide area network (WAN), or the like can be used.
  • The devices do not necessarily have to be able to communicate with each other online via the communication network 2.
  • A configuration may be adopted in which information which is output from the encrypted communication device 1₁ is stored in a portable recording medium such as a magnetic tape or Universal Serial Bus (USB) memory and the information is input to the encrypted communication device 1₂ from the portable recording medium offline.
  • an encrypted communication method of the first embodiment is implemented.
  • The encrypted communication device 1ᵢ is a special device configured as a result of a special program being read into a publicly known or dedicated computer including, for example, a central processing unit (CPU), a main storage unit (random access memory: RAM), and so forth.
  • The encrypted communication device 1ᵢ executes each processing under the control of the central processing unit, for example.
  • The data input to the encrypted communication device 1 and the data obtained by each processing are stored in the main storage unit, for instance, and the data stored in the main storage unit is read into the central processing unit when necessary and used for other processing.
  • At least part of each processing unit of the encrypted communication device 1ᵢ may be configured with hardware such as an integrated circuit.
  • Each storage of the encrypted communication device 1ᵢ can be configured with, for example, a main storage unit such as random access memory (RAM), an auxiliary storage unit configured with a hard disk, an optical disk, or a semiconductor memory device such as flash memory, or middleware such as a relational database or a key-value store.
  • At least one common key, which is shared with the encrypted communication device 1₂ on the receiving side, and a key index, by which each common key is uniquely identified, are stored in a state in which they are correlated with each other.
  • The at least one common key, which is shared with the encrypted communication device 1₁ on the transmitting side, and the key index, by which each common key is uniquely identified, are stored in a state in which they are correlated with each other.
  • “Each common key is uniquely identified” means that each common key can be uniquely identified in the entire encrypted communication system, not that each common key is uniquely identified in each key storage 10ᵢ.
  • a key index of a common key A which is stored in the key storage 10₁ is 1 and a key index of a common key B which is stored therein is 2
  • a key index of the common key A which is stored in the key storage 10₂ is also 1 and a key index of the common key B which is stored therein is also 2.
  • An existing key exchange technology can be used as a method by which the encrypted communication device 1₁ and the encrypted communication device 1₂ share a common key.
  • Step S11: the key selecting unit 11₁ of the encrypted communication device 1₁ selects one common key which is used for encryption from the at least one common key stored in the key storage 10₁ and obtains the selected common key and a key index correlated with the common key from the key storage 10₁.
  • The selected common key is referred to as the “encryption key”.
  • The key selecting unit 11₁ may select a common key, for which key exchange completion notification has not been received, of the at least one common key stored in the key storage 10₁.
  • The key selecting unit 11₁ outputs a set made up of the selected encryption key and the key index to the encrypting unit 12₁.
  • Step S12: the encrypting unit 12₁ of the encrypted communication device 1₁ receives the set made up of the encryption key and the key index from the key selecting unit 11₁ and encrypts data to be transmitted to the encrypted communication device 1₂ by using the encryption key.
  • As the encryption scheme which is used by the encrypting unit 12₁, an existing encryption scheme defined by a communication protocol corresponding to data to be transmitted can be used.
  • The data which is encrypted is referred to as the “encrypted data”.
  • The encrypting unit 12₁ outputs a set made up of the generated encrypted data and the key index to the transmitting unit 13₁.
  • Step S13: the transmitting unit 13₁ of the encrypted communication device 1₁ receives the set made up of the encrypted data and the key index from the encrypting unit 12₁ and transmits the encrypted data with the key index added thereto to the encrypted communication device 1₂.
  • Step S14: the receiving unit 14₂ of the encrypted communication device 1₂ receives the encrypted data with the key index added thereto from the encrypted communication device 1₁.
  • This key index is a key index corresponding to the encryption key used when the encrypted data was encrypted and is a key index corresponding to any one of the at least one common key stored in the key storage 10₂ of the encrypted communication device 1₂.
  • The receiving unit 14₂ outputs the received key index to the key obtaining unit 15₂ and outputs the received encrypted data to the decrypting unit 16₂.
  • Step S15: the key obtaining unit 15₂ of the encrypted communication device 1₂ receives the key index from the receiving unit 14₂ and retrieves and obtains a common key correlated with the key index from the key storage 10₂ of the encrypted communication device 1₂.
  • The obtained common key is referred to as the “decryption key”. It goes without saying that, since the encryption key and the decryption key are correlated with the same key index, they are one and the same common key.
  • The key obtaining unit 15₂ outputs the obtained decryption key to the decrypting unit 16₂.
  • Step S16: the decrypting unit 16₂ of the encrypted communication device 1₂ receives the decryption key from the key obtaining unit 15₂ and decrypts the encrypted data received from the receiving unit 14₂ by using the decryption key.
  • A decryption scheme which is used by the decrypting unit 16₂ is a decryption scheme corresponding to the encryption scheme used by the encrypting unit 12₁.
  • The encrypted communication system transmits encrypted data with a key index, which corresponds to a common key used for encryption, added thereto, which makes it possible to use even a common key, for which key exchange completion notification has not been received, for encryption and decryption if a key exchange itself is completed.
  • At least one common key, which is shared with the encrypted communication device 1₂ on the receiving side, and a one-way function, which is shared with the encrypted communication device 1₂ of the second embodiment, are stored.
  • In the key storage 10₂ of the encrypted communication device 1₂ of the second embodiment, at least one common key, which is shared with the encrypted communication device 1₁ on the transmitting side, and the one-way function, which is shared with the encrypted communication device 1₁ of the second embodiment, are stored.
  • a hash function such as SHA-256 can be used.
  • Step S11: the key selecting unit 11₁ of the encrypted communication device 1₁ selects one encryption key which is used for encryption from the at least one common key stored in the key storage 10₁ and obtains the selected encryption key from the key storage 10₁. Moreover, the key selecting unit 11₁ generates, as a key index, the output which is obtained when the obtained encryption key is input to the one-way function stored in the key storage 10₁. The key selecting unit 11₁ outputs a set made up of the selected encryption key and the key index to the encrypting unit 12₁.
  • Steps S12 to S14: the processing from Steps S12 to S14 is the same as that of the first embodiment.
  • Step S15: the key obtaining unit 15₂ of the encrypted communication device 1₂ receives the key index from the receiving unit 14₂ and obtains, as a decryption key, the common key stored in the key storage 10₂ which yields an output equal to the received key index when input to the one-way function stored in the key storage 10₂.
  • The key obtaining unit 15₂ outputs the obtained decryption key to the decrypting unit 16₂.
  • Step S16 is the same as that of the first embodiment.
  • With the encrypted communication system of the second embodiment configured as described above, although the amount of computation needed to calculate a key index every time an encryption key is selected and every time a decryption key is obtained is increased, there is no need to store a key index in advance in the encrypted communication devices in such a way that the key index is shared therebetween, which eliminates the need for key index sharing processing at the time of a key exchange and makes it possible to reduce the capacity of the key storage 10ᵢ of the encrypted communication device 1ᵢ.
  • the computer-readable recording medium may be any medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory.
  • Distribution of this program is implemented by sales, transfer, rental, and other transactions of a portable recording medium such as a DVD and a CD-ROM on which the program is recorded, for example. Furthermore, this program may be stored in a storage unit of a server computer and transferred from the server computer to other computers via a network so as to be distributed.
  • a computer which executes such program first stores the program recorded in a portable recording medium or transferred from a server computer once in a storage unit thereof, for example.
  • the computer reads out the program stored in the storage unit thereof and performs processing in accordance with the program thus read out.
  • the computer may directly read out the program from a portable recording medium and perform processing in accordance with the program.
  • the computer may sequentially perform processing in accordance with the received program.
  • a configuration may be adopted in which the transfer of a program to the computer from the server computer is not performed and the above-described processing is executed by so-called application service provider (ASP)-type service by which the processing functions are implemented only by an instruction for execution thereof and result acquisition.
  • ASP application service provider
  • a program according to the present embodiment includes information which is provided for processing performed by electronic calculation equipment and which is equivalent to a program (such as data which is not a direct instruction to the computer but has a property specifying the processing performed by the computer).
  • the present device is configured with a predetermined program executed on a computer.
  • the present device may be configured with at least part of these processing contents realized in a hardware manner.

Abstract

An encrypted communication is correctly decrypted even when key exchange completion notification is delayed. A key storage (10) stores at least one common key which is shared with another encrypted communication device. A key selecting unit (11) selects an encryption key from the at least one common key stored in the key storage (10). An encrypting unit (12) generates encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device. A transmitting unit (13) transmits, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto. A receiving unit (14) receives the encrypted data with the key index added thereto from the other encrypted communication device. A key obtaining unit (15) obtains, from the at least one common key stored in the key storage (10), a decryption key corresponding to the key index added to the encrypted data. A decrypting unit (16) decrypts the encrypted data by using the decryption key.

Description

    TECHNICAL FIELD
  • The present invention relates to information communication technologies and, in particular, relates to a technology of synchronizing the timing to use a common key in encrypted communication.
  • BACKGROUND ART
  • In encrypted communication such as Session Description Protocol (SDP), Real-time Transport Protocol (RTP), and Transport Layer Security (TLS), a common key which is used for encryption is made usable immediately after the transmission or reception of an ACK message or a Finished message (hereinafter referred to as “key exchange completion notification”) indicating the completion of a key exchange. The details of SDP are described in Non-patent Literature 1, the details of RTP are described in Non-patent Literature 2, and the details of TLS are described in Non-patent Literature 3.
  • For example, in encryption in an IP telephony system, by a multiparty key exchange technique, a Voice over Internet Protocol (VoIP) layer is notified of the completion of a key exchange as the return value of a terminal API in order to assure the completion of a key exchange between terminals which carry out communication. This makes it possible to reproduce a speech sound without interruption of a call even when keys are exchanged at high frequency in one VoIP session.
  • PRIOR ART LITERATURE
  • Non-Patent Literature
    • Non-patent Literature 1: “Session Description Protocol (SDP)”, [online], [searched on Jul. 18, 2017], the Internet <URL: https://tools.ietf.org/html/rfc4568>
    • Non-patent Literature 2: “ZRTP: Media Path Key Agreement for Unicast Secure RTP”, [online], [searched on Jul. 18, 2017], the Internet <URL: https://tools.ietf.org/html/rfc6189>
    • Non-patent Literature 3: “The Transport Layer Security (TLS) Protocol”, [online], [searched on Jul. 18, 2017], the Internet <URL: https://tools.ietf.org/html/rfc5246>
    SUMMARY OF THE INVENTION
  • Problems to be Solved by the Invention
  • However, in a best-effort network, an adequate communication band for a lower layer cannot be provided due to priority control or the like, which sometimes makes an encrypted communication arrive before key exchange completion notification. In this case, in spite of the fact that an exchange of a common key is completed, the common key cannot be used, which makes it impossible to decrypt the encrypted communication correctly. For instance, when a mobile virtual network operator (MVNO) network whose communication band is less than 100 kbps is used in a mobile network, it has been shown that a reception timing of key exchange completion notification, which is returned to each terminal from a server, is deviated in some terminals, which causes a phenomenon in which speech cannot be correctly decrypted temporarily.
  • In light of the foregoing, an object of the present invention is to implement an encrypted communication technology that can correctly decrypt an encrypted communication even when key exchange completion notification is delayed.
  • Means to Solve the Problems
  • In order to solve the above-described problem, an encrypted communication device of the present invention includes: a key storage that stores at least one common key which is shared with another encrypted communication device; a key selecting unit that selects an encryption key from the at least one common key stored in the key storage; an encrypting unit that generates encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device; a transmitting unit that transmits, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto; a receiving unit that receives the encrypted data with the key index added thereto from the other encrypted communication device; a key obtaining unit that obtains, from the at least one common key stored in the key storage, a decryption key corresponding to the key index added to the encrypted data; and a decrypting unit that decrypts the encrypted data by using the decryption key.
  • Effects of the Invention
  • With the encrypted communication technology of the present invention, it is possible to decrypt an encrypted communication correctly even when key exchange completion notification is delayed.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a diagram for explaining an existing encrypted communication technology.
  • FIG. 2 is a diagram for explaining an encrypted communication technology of the present invention.
  • FIG. 3 is a diagram illustrating the functional configuration of an encrypted communication system.
  • FIG. 4 is a diagram illustrating the functional configuration of an encrypted communication device.
  • FIG. 5 is a diagram illustrating a procedure of an encrypted communication method.
  • DETAILED DESCRIPTION OF THE EMBODIMENTS
  • FIG. 1 shows how a common key is used in an existing encrypted communication technology. An example of FIG. 1 illustrates a situation in which a key A and a key B were exchanged between two encrypted communication devices and, while key exchange completion notification for the key A has been received, key exchange completion notification for the key B has not been received. If an encrypted communication device on the transmitting side performs encryption by using the key B in this situation, an encrypted communication device on the receiving side cannot correctly decrypt an encrypted communication because the encrypted communication device cannot use the key B.
  • In the present invention, at the time of transmission of an encrypted communication, a key index, by which a common key used for encryption is uniquely identified, is added to encrypted data and transmitted therewith and, at the time of reception of the encrypted communication, a common key corresponding to the key index is obtained and the received encrypted data is decrypted. FIG. 2 shows how a common key is used in an encrypted communication technology of the present invention. In an example of FIG. 2, an encrypted communication device has a key database of a common key and a key index which are correlated with each other, and an encrypted communication device on the transmitting side transmits a key index (=2) corresponding to a key B used for encryption to an encrypted communication device on the receiving side. Although the encrypted communication device on the receiving side has not yet received key exchange completion notification for the key B, the encrypted communication device on the receiving side can correctly decrypt the encrypted data by using the key B because the encrypted communication device can obtain the key B from the key database by using the key index as a key.
  • The example of FIG. 2 is based on the assumption that creating the database is performed by sharing a key index with the same timing as a key exchange; however, the example is not limited to this mode because a key index only has to be a key index by which a common key can be uniquely identified. For instance, a configuration may be adopted in which a one-way function which is shared between an encrypted communication device on the transmitting side and an encrypted communication device on the receiving side is provided; at the time of transmission, an output which is obtained when a common key used for encryption is input to the one-way function is added to encrypted data as a key index and transmitted therewith and, at the time of reception, a common key is obtained, the common key by which an output, which is equal to the received key index, is obtained when the common key held by an encrypted communication device is input to the one-way function, and the encrypted data is decrypted. When a key exchange is performed between two encrypted communication devices, one encrypted communication device generates a key index and transmits the key index to the other encrypted communication device, whereby the encrypted communication devices can share the key index. When a key management server, which is different from an encrypted communication device, generates a common key and distributes the common key to encrypted communication devices to perform a key exchange, the key management server generates a key index and distributes the key index to the encrypted communication devices with the common key, whereby the encrypted communication devices can share the key index.
  • Hereinafter, embodiments of the present invention will be described in detail. In the drawings, constituent units having the same function are identified with the same reference character, and overlapping explanations will be omitted.
  • First Embodiment
  • As illustrated in FIG. 3, an encrypted communication system of a first embodiment includes a plurality of encrypted communication devices 1.
  • FIG. 3 shows an example in which two encrypted communication devices 1_1 and 1_2 are present; the number of encrypted communication devices 1 is not limited as long as two or more encrypted communication devices 1 are present. In the following description, it is assumed that the encrypted communication device 1_1 encrypts data and transmits the encrypted data and the encrypted communication device 1_2 decrypts the received encrypted data. In this embodiment, the encrypted communication device 1_1 and the encrypted communication device 1_2 are connected to a communication network 2. The communication network 2 is a circuit switching or packet-switching communication network that allows devices connected thereto to communicate with each other on a one-to-one basis, and, for example, the Internet, a local area network (LAN), a wide area network (WAN), or the like can be used. The devices do not necessarily have to be able to communicate with each other online via the communication network 2. For instance, a configuration may be adopted in which information which is output from the encrypted communication device 1_1 is stored in a portable recording medium such as a magnetic tape or Universal Serial Bus (USB) memory and the information is input to the encrypted communication device 1_2 from the portable recording medium offline.
  • As illustrated in FIG. 4, the encrypted communication device 1_i (i=1, 2) included in the encrypted communication system includes a key storage 10_i, a key selecting unit 11_i, an encrypting unit 12_i, a transmitting unit 13_i, a receiving unit 14_i, a key obtaining unit 15_i, and a decrypting unit 16_i. As a result of the two encrypted communication devices 1_1 and 1_2 performing processing in steps shown in FIG. 5 in cooperation with each other, an encrypted communication method of the first embodiment is implemented.
  • The encrypted communication device 1_i is a special device configured as a result of a special program being read into a publicly known or dedicated computer including, for example, a central processing unit (CPU), a main storage unit (random access memory: RAM), and so forth. The encrypted communication device 1_i executes each processing under the control of the central processing unit, for example. The data input to the encrypted communication device 1 and the data obtained by each processing are stored in the main storage unit, for instance, and the data stored in the main storage unit is read into the central processing unit when necessary and used for other processing. At least part of each processing unit of the encrypted communication device 1_i may be configured with hardware such as an integrated circuit. Each storage of the encrypted communication device 1_i can be configured with, for example, a main storage unit such as random access memory (RAM), an auxiliary storage unit configured with a hard disk, an optical disk, or a semiconductor memory device such as flash memory, or middleware such as a relational database or a key-value store.
  • Hereinafter, the encrypted communication method which is executed by the encrypted communication system of the first embodiment will be described with reference to FIG. 5.
  • In the key storage 10_1 of the encrypted communication device 1_1 on the transmitting side, at least one common key, which is shared with the encrypted communication device 1_2 on the receiving side, and a key index, by which each common key is uniquely identified, are stored in a state in which they are correlated with each other. In the key storage 10_2 of the encrypted communication device 1_2 on the receiving side, the at least one common key, which is shared with the encrypted communication device 1_1 on the transmitting side, and the key index, by which each common key is uniquely identified, are stored in a state in which they are correlated with each other. Here, “each common key is uniquely identified” means that each common key can be uniquely identified in the entire encrypted communication system, not that each common key is uniquely identified in each key storage 10_i. That is, when a key index of a common key A which is stored in the key storage 10_1 is 1 and a key index of a common key B which is stored therein is 2, a key index of the common key A which is stored in the key storage 10_2 is also 1 and a key index of the common key B which is stored therein is also 2. When the encrypted communication device 1_i (i=1, 2) communicates also with the other encrypted communication device 1_j (j=1, 2 and i≠j), for each encrypted communication device 1_j with which the encrypted communication device 1_i communicates, the encrypted communication device 1_i only has to store at least one common key, which is shared with the encrypted communication device 1_j, and a key index, by which each common key is uniquely identified, in a state in which they are correlated with each other. As a method by which the encrypted communication device 1_1 and the encrypted communication device 1_2 share a common key, an existing key exchange technology can be used.
  • In Step S11, the key selecting unit 11_1 of the encrypted communication device 1_1 selects one common key which is used for encryption from the at least one common key stored in the key storage 10_1 and obtains the selected common key and a key index correlated with the common key from the key storage 10_1. Hereinafter, the selected common key is referred to as the “encryption key”. In this case, the key selecting unit 11_1 may select a common key, for which key exchange completion notification has not been received, of the at least one common key stored in the key storage 10_1. The key selecting unit 11_1 outputs a set made up of the selected encryption key and the key index to the encrypting unit 12_1.
  • In Step S12, the encrypting unit 12_1 of the encrypted communication device 1_1 receives the set made up of the encryption key and the key index from the key selecting unit 11_1 and encrypts data to be transmitted to the encrypted communication device 1_2 by using the encryption key. As an encryption scheme which is used by the encrypting unit 12_1, an existing encryption scheme defined by a communication protocol corresponding to data to be transmitted can be used. Hereinafter, the data which is encrypted is referred to as the “encrypted data”. The encrypting unit 12_1 outputs a set made up of the generated encrypted data and the key index to the transmitting unit 13_1.
  • In Step S13, the transmitting unit 13_1 of the encrypted communication device 1_1 receives the set made up of the encrypted data and the key index from the encrypting unit 12_1 and transmits the encrypted data with the key index added thereto to the encrypted communication device 1_2.
  • In Step S14, the receiving unit 14_2 of the encrypted communication device 1_2 receives the encrypted data with the key index added thereto from the encrypted communication device 1_1. This key index is a key index corresponding to the encryption key used when the encrypted data was encrypted and is a key index corresponding to any one of the at least one common key stored in the key storage 10_2 of the encrypted communication device 1_2. The receiving unit 14_2 outputs the received key index to the key obtaining unit 15_2 and outputs the received encrypted data to the decrypting unit 16_2.
  • In Step S15, the key obtaining unit 15_2 of the encrypted communication device 1_2 receives the key index from the receiving unit 14_2 and retrieves and obtains a common key correlated with the key index from the key storage 10_2 of the encrypted communication device 1_2. Hereinafter, the obtained common key is referred to as the “decryption key”. It goes without saying that, since the encryption key and the decryption key are correlated with the same key index, they are one and the same common key. The key obtaining unit 15_2 outputs the obtained decryption key to the decrypting unit 16_2.
  • In Step S16, the decrypting unit 16_2 of the encrypted communication device 1_2 receives the decryption key from the key obtaining unit 15_2 and decrypts the encrypted data received from the receiving unit 14_2 by using the decryption key. A decryption scheme which is used by the decrypting unit 16_2 is a decryption scheme corresponding to the encryption scheme used by the encrypting unit 12_1.
  • As a result of the encrypted communication system of the first embodiment being configured as described above, the encrypted communication system transmits encrypted data with a key index, which corresponds to a common key used for encryption, added thereto, which makes it possible to use even a common key, for which key exchange completion notification has not been received, for encryption and decryption if a key exchange itself is completed. Thus, even when key exchange completion notification is delayed due to the influence of, for example, priority control of a network or the like and encrypted data arrives before the key exchange completion notification, the encrypted data can be correctly decrypted.
  • Second Embodiment
  • In the first embodiment, a configuration in which a key index, by which each common key is uniquely identified, is stored in advance in the key storage 10_i in a state in which a key index is correlated with each common key has been described. In an encrypted communication system of a second embodiment, a configuration is adopted in which a key index is generated as occasion arises by using a one-way function which is shared between encrypted communication devices. Hereinafter, a difference between the encrypted communication system of the second embodiment and the encrypted communication system of the first embodiment will be mainly described.
  • In the key storage 10_1 of the encrypted communication device 1_1 of the second embodiment, at least one common key, which is shared with the encrypted communication device 1_2 on the receiving side, and a one-way function, which is shared with the encrypted communication device 1_2 of the second embodiment, are stored. In the key storage 10_2 of the encrypted communication device 1_2 of the second embodiment, at least one common key, which is shared with the encrypted communication device 1_1 on the transmitting side, and the one-way function, which is shared with the encrypted communication device 1_1 of the second embodiment, are stored. As this one-way function, a hash function such as SHA-256 can be used.
  • In Step S11, the key selecting unit 11_1 of the encrypted communication device 1_1 selects one encryption key which is used for encryption from the at least one common key stored in the key storage 10_1 and obtains the selected encryption key from the key storage 10_1. Moreover, the key selecting unit 11_1 generates an output which is obtained when the obtained encryption key is input to the one-way function stored in the key storage 10_1 as a key index. The key selecting unit 11_1 outputs a set made up of the selected encryption key and the key index to the encrypting unit 12_1.
  • The processing from Steps S12 to S14 is the same as that of the first embodiment.
  • In Step S15, the key obtaining unit 15_2 of the encrypted communication device 1_2 receives the key index from the receiving unit 14_2 and obtains a common key by which an output, which is equal to the received key index, is obtained when the common key stored in the key storage 10_2 is input to the one-way function stored in the key storage 10_2 as a decryption key. The key obtaining unit 15_2 outputs the obtained decryption key to the decrypting unit 16_2.
  • The processing in Step S16 is the same as that of the first embodiment.
  • As a result of the encrypted communication system of the second embodiment being configured as described above, although the amount of computation needed to calculate a key index every time an encryption key is selected and every time a decryption key is obtained is increased, there is no need to store a key index in advance in the encrypted communication devices in such a way that the key index is shared therebetween, which eliminates the need for key index sharing processing at the time of a key exchange and makes it possible to reduce the capacity of the key storage 10_i of the encrypted communication device 1_i.
  • While the embodiments of the present invention have been described, specific configurations are not limited to these embodiments, but design modifications and the like within a range not departing from the spirit of the invention are encompassed in the scope of the invention, of course. The various processes described in the embodiments may be executed in parallel or separately depending on the processing ability of a device executing the process or on any necessity, rather than being executed in time series in accordance with the described order.
  • [Program and Recording Medium]
  • When various types of processing functions in the devices described in the above embodiments are implemented on a computer, the contents of processing function to be contained in each device is written by a program. With this program executed on the computer, various types of processing functions in the above-described devices are implemented on the computer.
  • This program in which the contents of processing are written can be recorded in a computer-readable recording medium. The computer-readable recording medium may be any medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory.
  • Distribution of this program is implemented by sales, transfer, rental, and other transactions of a portable recording medium such as a DVD and a CD-ROM on which the program is recorded, for example. Furthermore, this program may be stored in a storage unit of a server computer and transferred from the server computer to other computers via a network so as to be distributed.
  • A computer which executes such program first stores the program recorded in a portable recording medium or transferred from a server computer once in a storage unit thereof, for example. When the processing is performed, the computer reads out the program stored in the storage unit thereof and performs processing in accordance with the program thus read out. As another execution form of this program, the computer may directly read out the program from a portable recording medium and perform processing in accordance with the program. Furthermore, each time the program is transferred to the computer from the server computer, the computer may sequentially perform processing in accordance with the received program. Alternatively, a configuration may be adopted in which the transfer of a program to the computer from the server computer is not performed and the above-described processing is executed by so-called application service provider (ASP)-type service by which the processing functions are implemented only by an instruction for execution thereof and result acquisition. It should be noted that a program according to the present embodiment includes information which is provided for processing performed by electronic calculation equipment and which is equivalent to a program (such as data which is not a direct instruction to the computer but has a property specifying the processing performed by the computer).
  • In the present embodiment, the present device is configured with a predetermined program executed on a computer. However, the present device may be configured with at least part of these processing contents realized in a hardware manner.
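Added example (not code from the patent or its applicant): a Go sketch of Steps S11 to S16 for both embodiments described above, with the decryption key obtained once by stored key index and once by comparing SHA-256 outputs. AES-256-GCM, the `Packet` layout, every identifier, and the binding of the key index as associated data are assumptions of this sketch; the sample keys are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Packet is what the transmitting unit sends; KeyIndex travels in the clear.
type Packet struct{ KeyIndex, Nonce, Data []byte }

// KeyStore: byIndex is the first embodiment's table, keys the second's bare list.
type KeyStore struct {
	byIndex map[string][]byte
	keys    [][]byte
}

var ErrUnknownKeyIndex = errors.New("no stored common key matches the key index")

// HashIndex derives the second embodiment's key index: SHA-256 of the key.
func HashIndex(key []byte) []byte {
	sum := sha256.Sum256(key)
	return sum[:]
}

// LookupStored is Step S15 of the first embodiment: a table lookup.
func (s *KeyStore) LookupStored(index []byte) ([]byte, error) {
	if key, ok := s.byIndex[string(index)]; ok {
		return key, nil
	}
	return nil, ErrUnknownKeyIndex
}

// LookupHashed is Step S15 of the second embodiment: hash each stored key and compare.
func (s *KeyStore) LookupHashed(index []byte) ([]byte, error) {
	for _, key := range s.keys {
		if subtle.ConstantTimeCompare(HashIndex(key), index) == 1 {
			return key, nil
		}
	}
	return nil, ErrUnknownKeyIndex
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal covers Steps S12 and S13. Binding the index as associated data is an
// assumption of this sketch, so that an altered index fails authentication.
func Seal(key, index, plaintext []byte) (Packet, error) {
	aead, err := newGCM(key)
	if err != nil {
		return Packet{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Packet{}, err
	}
	return Packet{index, nonce, aead.Seal(nil, nonce, plaintext, index)}, nil
}

// Open covers Steps S14 to S16 with whichever Step S15 lookup is in use.
func Open(lookup func([]byte) ([]byte, error), p Packet) ([]byte, error) {
	key, err := lookup(p.KeyIndex)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(p.Nonce) != aead.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return aead.Open(nil, p.Nonce, p.Data, p.KeyIndex)
}

// Demo: constructed keys A and B; the receiver stores both, and the sender uses B.
func Demo() (stored, hashed string, tampered error) {
	a, b := sha256.Sum256([]byte("constructed key A")), sha256.Sum256([]byte("constructed key B"))
	rx := &KeyStore{map[string][]byte{"\x01": a[:], "\x02": b[:]}, [][]byte{a[:], b[:]}}
	p1, _ := Seal(b[:], []byte{2}, []byte("sent under key B"))
	out1, _ := Open(rx.LookupStored, p1)
	p2, _ := Seal(b[:], HashIndex(b[:]), []byte("sent under key B"))
	out2, _ := Open(rx.LookupHashed, p2)
	p1.KeyIndex = []byte{1} // index altered in transit: key A is selected, tag check fails
	_, tampered = Open(rx.LookupStored, p1)
	return string(out1), string(out2), tampered
}

func main() { fmt.Println(Demo()) }
```

The receiver never consults a key exchange completion flag: possession of the key matching the received index is what decides whether decryption proceeds, and an index that matches no stored key is rejected before any cipher operation.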

Claims (6)

1. An encrypted communication device comprising:
a key storage that stores at least one common key which is shared with another encrypted communication device; and
processing circuitry configured to:
select an encryption key from the at least one common key stored in the key storage;
generate encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device;
transmit, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto;
receive the encrypted data with the key index added thereto from the other encrypted communication device;
obtain, from the at least one common key stored in the key storage, a decryption key corresponding to the key index added to the encrypted data; and
decrypt the encrypted data by using the decryption key.
2. The encrypted communication device according to claim 1, wherein
the key storage stores a key index, by which each common key is uniquely identified, in a state in which the key index is correlated with each common key,
the processing circuitry selects the encryption key from the at least one common key stored in the key storage and obtains the key index correlated with the encryption key, and
the processing circuitry obtains, as the decryption key, the common key correlated with a same key index as the key index added to the encrypted data from the at least one common key stored in the key storage.
3. The encrypted communication device according to claim 1, wherein
the processing circuitry selects the encryption key from the at least one common key stored in the key storage and obtains, as the key index, an output which is obtained when the encryption key is input to a one-way function, and
the processing circuitry obtains, as the decryption key, the common key by which an output, which is equal to the key index added to the encrypted data, is obtained when the common key stored in the key storage is input to the one-way function.
4. An encrypted communication system in which a plurality of encrypted communication devices transmit and receive encrypted data, wherein
each encrypted communication device includes
a key storage that stores at least one common key which is shared with another encrypted communication device, and
processing circuitry configured to:
select an encryption key from the at least one common key stored in the key storage,
generate the encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device,
transmit, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto,
receive the encrypted data with the key index added thereto from the other encrypted communication device,
obtain, from the at least one common key stored in the key storage, a decryption key corresponding to the key index added to the encrypted data, and
decrypt the encrypted data by using the decryption key.
5. An encrypted communication method by which a first encrypted communication device and a second encrypted communication device transmit and receive encrypted data, wherein
the first encrypted communication device stores at least one common key, which is shared with the second encrypted communication device, in a first key storage,
the encrypted communication method comprising:
storing, by the second encrypted communication device, the at least one common key, which is shared with the first encrypted communication device, in a second key storage,
selecting, by the first encrypted communication device, an encryption key from the at least one common key stored in the first key storage,
generating, by the first encrypted communication device, the encrypted data by encrypting, by using the encryption key, data to be transmitted to the second encrypted communication device,
transmitting, by the first encrypted communication device, to the second encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto,
receiving, by the second encrypted communication device, the encrypted data with the key index added thereto from the first encrypted communication device,
obtaining, by the second encrypted communication device, from the at least one common key stored in the second key storage, a decryption key corresponding to the key index added to the encrypted data, and
decrypting by the second encrypted communication device, the encrypted data by using the decryption key.
6. A program for making a computer function as the encrypted communication device according to any one of claims 1 to 3.
US16/635,373 2017-08-02 2018-07-27 Encrypted communication device, encrypted communication system, encrypted communication method, and program Active 2039-02-09 US11388001B2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JPJP2017-149603 2017-08-02
JP2017-149603 2017-08-02
JP2017149603 2017-08-02
PCT/JP2018/028183 WO2019026776A1 (en) 2017-08-02 2018-07-27 Encrypted communication device, encrypted communication system, encrypted communication method, and program

Publications (2)

Publication Number Publication Date
US20210091946A1 true US20210091946A1 (en) 2021-03-25
US11388001B2 US11388001B2 (en) 2022-07-12

Family

ID=65233770

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/635,373 Active 2039-02-09 US11388001B2 (en) 2017-08-02 2018-07-27 Encrypted communication device, encrypted communication system, encrypted communication method, and program

Country Status (6)

Country Link
US (1) US11388001B2 (en)
EP (1) EP3664364A4 (en)
JP (1) JP6911923B2 (en)
KR (1) KR20200016990A (en)
CN (1) CN110999208A (en)
WO (1) WO2019026776A1 (en)

Also Published As

Publication number Publication date
US11388001B2 (en) 2022-07-12
KR20200016990A (en) 2020-02-17
EP3664364A1 (en) 2020-06-10
JP6911923B2 (en) 2021-07-28
WO2019026776A1 (en) 2019-02-07
CN110999208A (en) 2020-04-10
EP3664364A4 (en) 2021-04-21
JPWO2019026776A1 (en) 2020-07-27

Legal Events

Date Code Title Description
AS Assignment

Owner name: NIPPON TELEGRAPH AND TELEPHONE CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YOSHIDA, REO;KOBAYASHI, TETSUTARO;KAWAHARA, YUTO;AND OTHERS;SIGNING DATES FROM 20200110 TO 20200127;REEL/FRAME:051674/0058

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STCF Information on status: patent grant

Free format text: PATENTED CASE